Release [Manual] #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This Manually Executable Workflow is for NPM Releases | |
| name: Release [Manual] | |
| on: workflow_dispatch | |
| permissions: | |
| contents: write | |
| id-token: write # REQUIRED for trusted publishing | |
| jobs: | |
| Release: | |
| runs-on: ubuntu-latest | |
| # Specify environment if you configured one in npm | |
| # environment: production # Uncomment if you set an environment name in npm trusted publisher settings | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| # fetch-depth is necessary to get all tags | |
| # otherwise lerna can't detect the changes and will end up bumping the versions for all packages | |
| fetch-depth: 0 | |
| token: ${{ secrets.RELEASE_COMMIT_GH_PAT }} | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 # ✅ UPDATED to v4 | |
| with: | |
| node-version: '22' | |
| registry-url: 'https://registry.npmjs.org' | |
| always-auth: false # ✅ ADD THIS - important for trusted publishing | |
| - name: Configure CI Git User | |
| run: | | |
| git config --global user.name $CONFIG_USERNAME | |
| git config --global user.email $CONFIG_EMAIL | |
| git remote set-url origin https://$GITHUB_ACTOR:[email protected]/sourcefuse/loopback4-authentication | |
| env: | |
| GITHUB_PAT: ${{ secrets.RELEASE_COMMIT_GH_PAT }} | |
| CONFIG_USERNAME: ${{ vars.RELEASE_COMMIT_USERNAME }} | |
| CONFIG_EMAIL: ${{ vars.RELEASE_COMMIT_EMAIL }} | |
| - name: Install 📌 | |
| run: npm install | |
| - name: Test 🔧 | |
| run: npm run test | |
| # ✅ CHANGED THIS SECTION | |
| - name: Semantic Publish to NPM 🚀 | |
| run: | | |
| npm config set provenance true | |
| npm config list | |
| echo "Registry link ---: $(npm config get registry)" | |
| HUSKY=0 npx semantic-release --debug | |
| env: | |
| GH_TOKEN: ${{ secrets.RELEASE_COMMIT_GH_PAT }} | |
| # ✅ REMOVED: NPM_TOKEN is not needed with trusted publishing | |
| # The id-token: write permission above handles authentication | |
| - name: Changelog 📝 | |
| run: cd src/release_notes && HUSKY=0 node release-notes.js |